Safeguarding confidential information during a screen share session

ABSTRACT

A method for safeguarding confidential information during a screen share between two computing devices each having a screen. The method includes receiving, from a first computer, a request to share content of one or more applications displayable on a screen of a second computer. The method further includes summarizing the content to be displayed by the one or more applications, and transmitting, by the first computer, the summarized content to be shared by the one or more applications with the second computer. In exemplary embodiments, the summarized content may be password protected. The method may further include prompting, by the second computer, a password entry and displaying, by the second computer, the summarized content based on a password match.

BACKGROUND

Embodiments of the present invention relate generally to the field ofcomputing and more particularly to data processing and protectingconfidential information during a screen sharing session betweenmultiple users.

Screen sharing is a common way for two or more users to workcollaboratively with each other or to communicate interactively. Theavailability of instant messenger chat programs and web-conferencing,together with document sharing, has led to closer working relationshipsbetween employees, even if those employees may be sitting in offices onopposite ends of the world. In many work environments, two or moreemployees currently have the option to share a computer screen withanother member of their team, thereby fostering a closer workingrelationship as well as increasing the chances of revealing confidentialdocuments, emails, or other private information that may be open duringa screen sharing session.

Oftentimes, a user may not pay close attention to content they aresharing, or perhaps not even realize that confidential information iscontained within the content they are sharing. This may be due to a userbeing in a rush, or simply being careless.

Currently, there is no mechanism to automatically hide confidential orprivate information that a user is sharing during a screen sharingsession.

SUMMARY

Embodiments of the invention include a method, computer program product,and system, for safeguarding confidential information during a screenshare session between two computing devices each having a screen.

A method, according to an embodiment, for safeguarding confidentialinformation during a screen share session between two computing deviceseach having a screen, includes receiving, from a first computer, arequest to share content of one or more applications displayable on ascreen of a second computer. The method further includes summarizing thecontent to be displayed by the one or more applications, andtransmitting, by the first computer, the summarized content to be sharedby the one or more applications with the second computer.

A computer program product, according to an embodiment of the invention,includes a non-transitory tangible storage device having program codeembodied therewith. The program code is executable by a processor of acomputer to perform a method. The method includes receiving, from afirst computer, a request to share content of one or more applicationsdisplayable on a screen of a second computer. The method furtherincludes summarizing the content to be displayed by the one or moreapplications, and transmitting, by the first computer, the summarizedcontent to be shared by the one or more applications with the secondcomputer.

A computer system, according to an embodiment of the invention, includesone or more computer devices each having one or more processors and oneor more tangible storage devices; and a program embodied on at least oneof the one or more storage devices, the program having a plurality ofprogram instructions for execution by the one or more processors. Theprogram instructions implement a method. The method includes receiving,from a first computer, a request to share content of one or moreapplications displayable on a screen of a second computer. The methodfurther includes summarizing the content to be displayed by the one ormore applications, and transmitting, by the first computer, thesummarized content to be shared by the one or more applications with thesecond computer.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 illustrates screen sharing computing environment 100, inaccordance with an embodiment of the present invention.

FIG. 2 is a flowchart illustrating the operation of screen sharingprotection program 120, in accordance with an embodiment of the presentinvention.

FIG. 3 depicts a shared computer screen containing summarized content ofa slide in a power-point presentation, in accordance with an embodimentof the present invention.

FIG. 4 depicts a shared computer screen containing full content of aslide in a power-point presentation, in accordance with an embodiment ofthe present invention.

FIG. 5 is a diagram graphically illustrating the hardware components oflinked hyper-video computing environment 100 of FIG. 1, in accordancewith an embodiment of the present invention.

FIG. 6 depicts a cloud computing environment, in accordance with anembodiment of the present invention.

FIG. 7 depicts abstraction model layers of the illustrative cloudcomputing environment of FIG. 6, in accordance with an embodiment of thepresent invention.

DETAILED DESCRIPTION

Currently, there is existing software such as IBM SameTime® (SameTime isa registered trademark of IBM Corporation) meeting room that allows theuser to share either their whole screen or just a file. Furthermore,there are additional precautions that must be considered when a usershares either their screen or a file.

The present invention can intelligently share a user screen, or file,with message composition styles to prevent the user from sharing privateor confidential information by accident. For example, sometimes a usermay not intend to have certain private applications open on theirdesktop during a screen share, or send a particular file to a recipient.Other times, a recipient may have other people in the room who are notintended recipients of the shared information.

Some of the message composition style techniques disclosed by thepresent invention may include only sharing a few keywords in the screenshare session, rather than a full message. In this instance, a sendercan choose to expand the full message through additional menu selectionsor a mouse click. This safety measure provides a second look for thesender in order to ensure that the sent message, or file, is the correctmessage or file for the intended recipient.

Another message composition style technique disclosed by the presentinvention may include only displaying a code name that can be understoodbetween the sender and the receiver, or popping up a small avatar to askthe receiver whether it is OK to currently share the screen.

Hereinafter, exemplary embodiments of the present invention will bedescribed in detail with reference to the attached drawings.

The present invention is not limited to the exemplary embodiments below,but may be implemented with various modifications within the scope ofthe present invention. In addition, the drawings used herein are forpurposes of illustration, and may not show actual dimensions.

FIG. 1 illustrates a screen sharing computing environment 100, inaccordance with an embodiment of the present invention. Computingenvironment 100 includes first computing device 110, second computingdevice 130, and database server 140 all connected via network 102. Thesetup in FIG. 1 represents an example embodiment configuration for thepresent invention, and is not limited to the depicted setup in order toderive benefit from the present invention.

In the example embodiment, first computing device 110 contains userinterface 112, application 114 a, and screen sharing protection program120. In various embodiments, first computing device 110 may be a laptopcomputer, tablet computer, netbook computer, personal computer (PC), adesktop computer, a personal digital assistant (PDA), a smart phone, orany programmable electronic device capable of communicating with secondcomputing device 130 and database server 140 via network 102. Firstcomputing device 110 may include internal and external hardwarecomponents, as depicted and described in further detail below withreference to FIG. 5. In other embodiments, first computing device 110may be implemented in a cloud computing environment, as described inrelation to FIGS. 6 and 7, herein. First computing device 110 may alsohave wireless connectivity capabilities allowing it to communicate withsecond computing device 130 and database server 140, as well as othercomputers or servers over network 102.

In an exemplary embodiment, user interface 112 may be a computer programthat allows a user to interact with first computing device 110 and otherconnected devices via network 102. For example, user interface 112 maybe a graphical user interface (GUI). In addition to comprising acomputer program, user interface 112 may be connectively coupled tohardware components, such as those depicted in FIG. 5, for receivinguser input. In an example embodiment, user interface 112 is a webbrowser, however in other embodiments user interface 112 may be adifferent program capable of receiving user interaction andcommunicating with other devices.

In an exemplary embodiment, application 114 a may be a computer program,on first computing device 110, that is capable of communicating withanother computer, such as second computing device 130. In an exemplaryembodiment, application 114 may be an instant messenger service on firstcomputing device 110 that is capable of sharing a computer screen withother users, receiving and/or sending data files, instant messaging,web-conferencing with a group of one or more users, or sharinginformation on first computing device 110 with second computing device130 via any other known method to one of ordinary skill in the art. Inexemplary embodiments, data files may include, but are not limited to,word processing files, video files, audio files, graphics files, and soforth.

In an exemplary embodiment, application 114 is depicted in FIG. 1 asapplication 114 a on first computing device 110, and as application 114b on second computing device 130 thereby illustrating that application114 is the same on both first computing device 110 and computing device130. For example, a first user, on a first computing device 110, mayutilize the functionality (e.g. screen share, file transfer) of aninstant messaging application only if a second user, on a secondcomputing device 130 also has the same instant messaging application.

In an exemplary embodiment, screen sharing protection program 120contains instruction sets, executable by a processor, which may bedescribed using a set of functional modules. The functional modules ofscreen sharing protection program 120 include data analysis module 122,data summarization module 124, and information delivery module 126.

With continued reference to FIG. 1, second computing device 130 containsuser interface 132 and application 114 b may be a laptop computer,tablet computer, netbook computer, personal computer (PC), a desktopcomputer, a personal digital assistant (PDA), a smart phone, or anyprogrammable electronic device capable of communicating with firstcomputing device 110 and database server 140 via network 102. Whilesecond computing device 130 is shown as a single device, in otherembodiments, second computing device 130 may be comprised of a clusteror plurality of computing devices, working together or workingseparately. Second computing device 130 may be implemented in a cloudcomputing environment, as described in relation to FIGS. 6 and 7,herein. Second computing device 130 may also have wireless connectivitycapabilities allowing it to communicate with first computing device 110and database server 140, as well as other computers or servers overnetwork 102.

In an exemplary embodiment, user interface 132 may be a computer programthat allows a user to interact with second computing device 130 andother connected devices via network 102. For example, user interface 132may be a graphical user interface (GUI). In addition to comprising acomputer program, user interface 132 may be connectively coupled tohardware components, such as those depicted in FIG. 5, for receivinguser input. In an example embodiment, user interface 132 is a webbrowser, however in other embodiments user interface 132 may be adifferent program capable of receiving user interaction andcommunicating with other devices.

With continued reference to FIG. 1, database server 140 includesapplication content sharing history database 142 and may be a laptopcomputer, tablet computer, netbook computer, personal computer (PC), adesktop computer, a personal digital assistant (PDA), a smart phone, aserver, or any programmable electronic device capable of communicatingwith first computing device 110 and second computing device 130 vianetwork 102. While database server 140 is shown as a single device, inother embodiments, database server 140 may be comprised of a cluster orplurality of computing devices, working together or working separately.

In an exemplary embodiment, application content sharing history database142 may store an application type, a shared data file type, sharingfrequency, communication history, and so forth which may be depicted asa data model. For example, the data model may identify the content ofthe shared data file (e.g. whether the application content is text,graphics, images, or video), whether it is possible to have a summarizedor shortened message (e.g. 1 for “yes”, 0 for “no”), recipient, andfrequency. As such, a data model stored in application content sharinghistory database 142 may appear as <JPEG, 1, user3, 5>.

In further embodiments, application content sharing history database 142may store an application sharing history organized by recipient, type offile, and screen sharing protection in place to protect private orconfidential information for a particular file or application. Inalternative embodiments, application content sharing history database142 may be organized in any fashion deemed most useful for the inventionto be utilized.

In various embodiments, application content sharing history database 142may be stored on first computing device 110 as a separate database.

FIG. 2 is a flowchart illustrating the operation of screen sharingprotection program 120, in accordance with an embodiment of the presentinvention.

Referring now to FIGS. 1 and 2, screen sharing protection program 120may detect a screen share of one or more applications having content andsafeguard confidential information from being inadvertently revealedduring a screen share.

With continued reference to FIGS. 1 and 2, data analysis module 122includes a set of programming instructions in screen sharing protectionprogram 120. The set of programming instructions is executable by aprocessor. Data analysis module 122 receives, from a first computingdevice 110, a request to share content of one or more applicationsdisplayable on a screen of a second computing device 130 (step 202). Forexample, one or more applications may be a text document, a power-pointpresentation, a spreadsheet, an image, or any other type of softwaremedium that may be shared, and displayed, electronically with anothercomputing device.

In an exemplary embodiment, data analysis module 122 analyzes whichapplications, or which portion of the computer screen of first computingdevice 110, tend to be shared the most during a screen sharing sessionwith second computing device 130. Data analysis module 122 may detectthe nature of the one or more applications to be shared during a screensharing session with second computing device 130, for example theapplication may be an e-mail client, an instant messaging client, a wordprocessing client, or a software development integrated developmentenvironment (IDE) client.

In exemplary embodiments, data analysis module 122 determines which ofthe one or more applications contain either a lot of text or graphics,or essentially a lot of content. A lot of content within an applicationmay increase the chance of a user sharing information that isconfidential. In exemplary embodiments, data analysis module 122 maydetermine a lot of content within an application by detecting a wordcount, a file size, and/or analyzing metadata of an application.

Data analysis module 122, in exemplary embodiments, may determine whichapplication is suitable for shortening (i.e. summarizing) text contentor graphical content in an application. For example, an e-mail client'stext may be shortened through enabling technology, while source code inan IDE may be more difficult to be summarized.

With continued reference to FIGS. 1 and 2, data summarization module 124includes a set of programming instructions in screen sharing protectionprogram 120. The set of programming instructions is executable by aprocessor. Data summarization module 124 summarizes the content to bedisplayed by the one or more applications (step 204). Summarization ofcontent within an application may simply be taking the subject line ofan e-mail, for example, and displaying only that portion of the e-mail.In other embodiments, summarization may include performing a naturallanguage text analysis of a text document and displaying a span of thetext that includes a general concept, or idea, without including anysensitive or confidential information (e.g. names, numbers, locations),such as specific information about the general concept. In yet otherembodiments, summarization of an image or video may include performingimage analysis techniques to display only a generic thumbnail of aportion of the image, or video.

In exemplary embodiments, data summarization module 124 may determinethat the received content contained within one or more applications maycontain confidential content. As such, data summarization module 124 maybe capable of summarizing the content of the one or more applicationscontaining confidential content. Applications that may containconfidential content may include a web browser, an instant messagingapplication, a work/private e-mail account, just to name a few. Theseapplications contain potentially confidential content, since, if leftopen a user's desktop, may disclose confidential information on a screenshare with a second computing device 130. Examples of confidentialcontent within these applications may include a business spreadsheet, aprivate website, an e-mail discussing confidential work-related matters,a private instant message chat discussing a confidential project, taxinformation, medical information, and so forth.

In another exemplary embodiment, data summarization module 124 may becapable of allowing the user who shares the content of one or moreapplications displayed on their computer screen (i.e. of first computingdevice 110) to further highlight the currently summarized content (e.g.text, graphics, video), with recipients of the content of the one ormore applications displayed on the screen of second computing device130, by selecting a context menu to expand the summarized content tofull content as needed, on the fly.

FIG. 3 depicts a shared computer screen containing summarized content ofa slide in a power-point presentation, in accordance with an embodimentof the present invention.

With reference to FIGS. 1-3, second computing device 130 may receive thesummarized content shared by the one or more applications and displaythe summarized content on the computer screen of second computing device130.

In alternative embodiments, and with continued reference to FIGS. 1-3, auser on computing device 110 may be sharing the content of one or moreapplications displayed on her computer screen, for example a power-pointpresentation, in a web conference with multiple users using multiplecomputing devices, including second computing device 130, at once. Someof the users may not be privy to viewing some of the informationpresented. In this scenario, data summarization module 124 may onlydisplay a summarized content of the slide, for example “SoftwareFunctional Specification”, rather than the entire power-point slide. Inthis scenario, the users with clearance to view the full slide may needto input a password to unlock the slide contents. Alternatively, theuser sharing the screen may have the option to lock/unlock thesummarized content for a pre-configured list of recipients of the screenshare.

With continued reference to FIGS. 1-3, in exemplary embodiments, thesummarized content of an application may be password protected, whereindata summarization module 124 prompts a request to view the summarizedcontent shared by the one or more applications. Second computing device130 may display the summarized content based on a password match enteredby a user of second computing device 130.

In another exemplary embodiment, the user who shares content of one ormore applications displayed on the computer screen may click on thelock/unlock button to reveal the password protected (i.e. locked)summarized content (e.g. text, graphics, video) and select a contextmenu to expand the content to full content as needed on the fly. Thismechanism prevents unwanted disclosure of confidential or privateinformation and provides the user, who is screen sharing the displayedcontent, with additional control over the content on the screen share.

In an exemplary embodiment, data summarization module 124 may provide auser of the first computing device 110 with an option to select acontext menu to expand the summarized content to full content, asneeded, or to contract the full content back to the summarized content,as needed.

With reference to an illustrative example, user A may be engaged in ascreen sharing session with user B. Data summarization module 124 maydetect that user A has unintended open documents, or applications,displayed on his shared screen, and summarize the content within thosedocuments/applications. Furthermore, data summarization module 124 maysummarize the content of an application that user A intended to sharewith user B. This feature may prevent unintended disclosure ofconfidential, or private, content based on user A's oversight, orcarelessness. In this embodiment, user A maintains full control over thedisplayed content on her screen by controlling the expanding, orcontracting, of the summarized content of shared documents/applicationsby the click of a mouse, for example. In exemplary embodiments, user Amay have the option to turn on/off the data summarization feature at anytime.

FIG. 4 depicts a shared computer screen containing full content of aslide in a power-point presentation, in accordance with an embodiment ofthe present invention.

With reference to FIGS. 1-4, in alternative embodiments, datasummarization module 124 may share the summarized content of firstcomputing device 110 with second computing device 130, and require apassword match, entered by a user of the second computing device 130, toreveal, or share, the content of the one or more shared applications.FIG. 4 depicts a screen share of an application, from computing device110, to a user of second computing device 130 who successfully enters apassword to access the full content of the power-point slide.

In alternative embodiments, data summarization module 124 may determine,by natural language processing, that the received content of the one ormore applications contain confidential content, wherein the confidentialcontent comprises any one of a personal name, address, bank information,telephone number, date of birth, and social security number, or anycombination thereof, and summarizes the confidential content. Forexample, natural language processing techniques, within datasummarization module 124, may be capable of crawling text within sharedcontent of an application and summarizing the discovered confidentialcontent, for example by replacing it with the appropriate words, such as“Name”; “Private bank information”; “Private SS information”; and soforth.

In alternative embodiments, data summarization module 124 may be capableof blurring, removing, or covering up confidential content discovered bynatural language processing techniques.

In alternative embodiments, data summarization module 124 may expand asummarized content to full content during a screen share with secondcomputing device 130, and revert the full content back to the summarizedcontent upon detecting a user is away from the second computing device130. For example, data summarization module 124 may be capable ofdetecting idle time of computing device 130 and if a certain thresholdof idle time is reached, the full content share may revert back to thesummarized content, thus avoiding potentially sensitive content fromremaining open on a computer screen of second computing device 130 whena user may have walked away from the computer.

In another alternative embodiment, data summarization module 124 mayrequire a user of second computing device 130 to re-enter a password ifa certain threshold of idle time has elapsed without any keyboardstrokes. In yet another alternative embodiment, data summarizationmodule 124 may end a screen sharing session altogether if determinedthat the second computing device 130 is idle for a certain threshold oftime.

In another alternative embodiment, data summarization module 124 mayrevert the full content of a screen share back to a summarized contentbased on second computing device 130 detecting that a user has movedaway from the keyboard, via a camera on second computing device 130.Detection of a user moving away from second computing device 130 mayalso be determined by picking up a change in the lighting of a room, viathe computer camera or light sensors on second computing device 130,which may indicate that a user has left the room.

With continued reference to FIGS. 1 and 2, information delivery module126 includes a set of programming instructions in screen sharingprotection program 120. The set of programming instructions isexecutable by a processor. Information delivery module 126 transmits, bythe first computing device 110, the summarized content, to be shared bythe one or more applications, with the second computing device 130 (step206).

In exemplary embodiments, information delivery module 126 may determinewhether it is acceptable to share the summarized content based on a userat second computing device 130 indicating that it is acceptable toshare. Based on the user at second computing device 130 indicating it isacceptable to proceed with a screen share, information delivery module126 may transmit the summarized content to be shared by the one or moreapplications. For example, information delivery module 126 may pop up anavatar on second computing device 130 to ask the receiver if it is OK toshare the screen at the current time. This safety measure may prevent anunwanted screen share, or private message, when there may be otherpeople around or if the user is engaged in a different screen share withother user(s).

In an exemplary embodiment, information delivery module 126 may replacethe summarized content with a code name when the second computing device130 is engaged in a different screen sharing session at the time ofreceiving the summarized content, wherein the code name is based on acommunication history between the first computing device 110 and thesecond computing device 130. A code name may include a word, a sentence,or a phrase that may refer to a specific document, conversation, topic,etc. that the user of the second computing device 130 may recognize. Forexample, a user on second computing device 130 may receive an instantmessage from a user on first computing device 110 referencing a priorconfidential instant messaging conversation from earlier that day. Acode name (e.g. “Earlier conversation” or “Business project”) may conveythe topic of the conversation, or a reference to the prior conversation,without revealing any confidential information that may accidentally beseen by a third party in the event the user on second computing device130 is currently engaged in a screen sharing session with a third party.This safety mechanism prevents the accidental, or incidental, revelationof confidential information to one or more third-parties. When thesecond computing device 130 is dis-engaged from the third-party screensharing session, the receiver may then access the information containingthe code name.

FIG. 5 is a block diagram depicting components of a computing device inaccordance with an embodiment of the present invention. It should beappreciated that FIG. 5 provides only an illustration of oneimplementation and does not imply any limitations with regard to theenvironments in which different embodiments may be implemented. Manymodifications to the depicted environment may be made.

Computing device of FIG. 5 may include one or more processors 902, oneor more computer-readable RAMs 904, one or more computer-readable ROMs906, one or more computer readable storage media 908, device drivers912, read/write drive or interface 914, network adapter or interface916, all interconnected over a communications fabric 918. Communicationsfabric 918 may be implemented with any architecture designed for passingdata and/or control information between processors (such asmicroprocessors, communications and network processors, etc.), systemmemory, peripheral devices, and any other hardware components within asystem.

One or more operating systems 910, and one or more application programs911, such as screen sharing protection program 120, may be stored on oneor more of the computer readable storage media 908 for execution by oneor more of the processors 902 via one or more of the respective RAMs 904(which typically include cache memory). In the illustrated embodiment,each of the computer readable storage media 908 may be a magnetic diskstorage device of an internal hard drive, CD-ROM, DVD, memory stick,magnetic tape, magnetic disk, optical disk, a semiconductor storagedevice such as RAM, ROM, EPROM, flash memory or any othercomputer-readable tangible storage device that can store a computerprogram and digital information.

Computing device of FIG. 5 may also include a R/W drive or interface 914to read from and write to one or more portable computer readable storagemedia 926. Application programs 911 on computing device may be stored onone or more of the portable computer readable storage media 926, readvia the respective R/W drive or interface 914 and loaded into therespective computer readable storage media 908.

Computing device of FIG. 5 may also include a network adapter orinterface 916, such as a TCP/IP adapter card or wireless communicationadapter (such as a 4G wireless communication adapter using OFDMAtechnology). Application programs 911 on computing device of FIG. 5 maybe downloaded to the computing device from an external computer orexternal storage device via a network (for example, the Internet, alocal area network or other wide area network or wireless network) andnetwork adapter or interface 916. From the network adapter or interface916, the programs may be loaded onto computer readable storage media908. The network may comprise copper wires, optical fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers.

Computing device of FIG. 5 may also include a display screen 920, akeyboard or keypad 922, and a computer mouse or touchpad 924. Devicedrivers 912 interface to display screen 920 for imaging, to keyboard orkeypad 922, to computer mouse or touchpad 924, and/or to display screen920 for pressure sensing of alphanumeric character entry and userselections. The device drivers 912, R/W drive or interface 914 andnetwork adapter or interface 916 may comprise hardware and software(stored on computer readable storage media 908 and/or ROM 906).

The programs described herein are identified based upon the applicationfor which they are implemented in a specific embodiment of theinvention. However, it should be appreciated that any particular programnomenclature herein is used merely for convenience, and thus theinvention should not be limited to use solely in any specificapplication identified and/or implied by such nomenclature.

Referring now to FIG. 6, illustrative cloud computing environment 50 isdepicted. As shown, cloud computing environment 50 includes one or morecloud computing nodes 10 with which local computing devices used bycloud consumers, such as, for example, personal digital assistant (PDA)or cellular telephone 54A, desktop computer 54B, laptop computer 54C,and/or automobile computer system 54N may communicate. Nodes 10 maycommunicate with one another. They may be grouped (not shown) physicallyor virtually, in one or more networks, such as Private, Community,Public, or Hybrid clouds as described hereinabove, or a combinationthereof. This allows cloud computing environment 50 to offerinfrastructure, platforms and/or software as services for which a cloudconsumer does not need to maintain resources on a local computingdevice. It is understood that the types of computing devices 54A-N shownin FIG. 6 are intended to be illustrative only and that computing nodes10 and cloud computing environment 50 can communicate with any type ofcomputerized device over any type of network and/or network addressableconnection (e.g., using a web browser).

Referring now to FIG. 7, a set of functional abstraction layers providedby cloud computing environment 50 (FIG. 6) is shown. It should beunderstood in advance that the components, layers, and functions shownin FIG. 7 are intended to be illustrative only and embodiments of theinvention are not limited thereto. As depicted, the following layers andcorresponding functions are provided:

Hardware and software layer 60 includes hardware and softwarecomponents. Examples of hardware components include: mainframes 61; RISC(Reduced Instruction Set Computer) architecture based servers 62;servers 63; blade servers 64; storage devices 65; and networks andnetworking components 66. In some embodiments, software componentsinclude network application server software 67 and database software 68.

Virtualization layer 70 provides an abstraction layer from which thefollowing examples of virtual entities may be provided: virtual servers71; virtual storage 72; virtual networks 73, including virtual privatenetworks; virtual applications and operating systems 74; and virtualclients 75.

In one example, management layer 80 may provide the functions describedbelow. Resource provisioning 81 provides dynamic procurement ofcomputing resources and other resources that are utilized to performtasks within the cloud computing environment. Metering and Pricing 82provide cost tracking as resources are utilized within the cloudcomputing environment, and billing or invoicing for consumption of theseresources. In one example, these resources may comprise applicationsoftware licenses. Security provides identity verification for cloudconsumers and tasks, as well as protection for data and other resources.User portal 83 provides access to the cloud computing environment forconsumers and system administrators. Service level management 84provides cloud computing resource allocation and management such thatrequired service levels are met. Service Level Agreement (SLA) planningand fulfillment 85 provide pre-arrangement for, and procurement of,cloud computing resources for which a future requirement is anticipatedin accordance with an SLA.

Workloads layer 90 provides examples of functionality for which thecloud computing environment may be utilized. Examples of workloads andfunctions which may be provided from this layer include: mapping andnavigation 91; software development and lifecycle management 92; virtualclassroom education delivery 93; data analytics processing 94;transaction processing 95; analytics services 96, including thosedescribed in connection with FIGS. 1-7.

The present invention may be a system, a method, and/or a computerprogram product. The computer program product may include a computerreadable storage medium (or media) having computer readable programinstructions thereon for causing a processor to carry out aspects of thepresent invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, or either source code or object code written in anycombination of one or more programming languages, including an objectoriented programming language such as Smalltalk, C++ or the like, andconventional procedural programming languages, such as the “C”programming language or similar programming languages. The computerreadable program instructions may execute entirely on the user'scomputer, partly on the user's computer, as a stand-alone softwarepackage, partly on the user's computer and partly on a remote computeror entirely on the remote computer or server. In the latter scenario,the remote computer may be connected to the user's computer through anytype of network, including a local area network (LAN) or a wide areanetwork (WAN), or the connection may be made to an external computer(for example, through the Internet using an Internet Service Provider).In some embodiments, electronic circuitry including, for example,programmable logic circuitry, field-programmable gate arrays (FPGA), orprogrammable logic arrays (PLA) may execute the computer readableprogram instructions by utilizing state information of the computerreadable program instructions to personalize the electronic circuitry,in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the block may occur out of theorder noted in the Figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

What is claimed is:
 1. A computer-implemented method for safeguardingconfidential information during a screen share session between twocomputing devices each having a screen, comprising: summarizing sharedcontent to be displayed by one or more applications; expanding thesummarized content to full content during a screen share with a secondcomputer; reverting the full content back to the summarized content upondetecting a user is away from the second computer; replacing thesummarized content with a code name when the second computer is engagedin a different screen sharing session, wherein the code name is based ona communication history between the first computer and the secondcomputer; receiving, by the second computer, the summarized contentshared by the one or more applications; and displaying, by the secondcomputer, the summarized content.
 2. The computer-implemented method ofclaim 1, wherein the summarized content is password protected, andfurther comprising: prompting, by the second computer, a password entry;and displaying, by the second computer, the summarized content based ona password match.
 3. The computer-implemented method of claim 1, furthercomprising: providing a user of the first computer an option to select acontext menu to expand the summarized content to full content, or tocontract the full content back to the summarized content.
 4. Thecomputer-implemented method of claim 1, further comprising: receiving,by the first computer, a first computer user input to display thecontent in place of the summarized content; and displaying, by thesecond computer, the content.
 5. The computer-implemented method ofclaim 1, wherein summarizing the content of the one or more applicationsis based on: determining that the received content of the one or moreapplications comprise confidential content; and summarizing theconfidential content.
 6. The computer-implemented method of claim 1,wherein summarizing the content of the one or more applications is basedon: determining, by natural language processing, that the receivedcontent of the one or more applications comprise confidential content,wherein the confidential content comprises any one of a personal name,address, bank information, telephone number, date of birth, and socialsecurity number, or any combination thereof; and summarizing theconfidential content.
 7. The computer-implemented method of claim 1,further comprising: transmitting, by the first computer, the summarizedcontent to be shared by the one or more applications with the secondcomputer based on a user at the second computer indicating it isacceptable to share.
 8. The computer-implemented method of claim 1,further comprising: transmitting, by the first computer, the summarizedcontent to be shared by the one or more applications with the secondcomputer.
 9. A computer program product, comprising a non-transitorytangible storage device having program code embodied therewith, theprogram code executable by a processor of a computer to perform amethod, the method comprising: summarizing shared content to bedisplayed by one or more applications; expanding the summarized contentto full content during a screen share with a second computer; revertingthe full content back to the summarized content upon detecting a user isaway from the second computer; replacing the summarized content with acode name when the second computer is engaged in a different screensharing session, wherein the code name is based on a communicationhistory between the first computer and the second computer; receiving,by the second computer, the summarized content shared by the one or moreapplications; and displaying, by the second computer, the summarizedcontent.
 10. The computer-implemented method of claim 9, furthercomprising: providing a user of the first computer an option to select acontext menu to expand the summarized content to full content, or tocontract the full content back to the summarized content.
 11. Thecomputer program product of claim 9, further comprising: receiving, bythe first computer, a first computer user input to display the contentin place of the summarized content; and displaying, by the secondcomputer, the content.
 12. The computer program product of claim 9,wherein summarizing the content of the one or more applications is basedon: determining that the one or more received content of the one or moreapplications comprise confidential content; and summarizing theconfidential content.
 13. The computer program product of claim 9,wherein summarizing the content of the one or more applications is basedon: determining, by natural language processing, that the receivedcontent of the one or more applications comprise confidential content,wherein the confidential content comprises any one of a personal name,address, bank information, telephone number, date of birth, and socialsecurity number, or any combination thereof; and summarizing theconfidential content.
 14. The computer program product of claim 9,further comprising: transmitting, by the first computer, the summarizedcontent to be shared by the one or more applications with the secondcomputer.
 15. A computer system, comprising: one or more computerdevices each having one or more processors and one or more tangiblestorage devices; and a program embodied on at least one of the one ormore storage devices, the program having a plurality of programinstructions for execution by the one or more processors, the programinstructions comprising instructions for: summarizing shared content tobe displayed by one or more applications; expanding the summarizedcontent to full content during a screen share with a second computer;reverting the full content back to the summarized content upon detectinga user is away from the second computer; replacing the summarizedcontent with a code name when the second computer is engaged in adifferent screen sharing session, wherein the code name is based on acommunication history between the first computer and the secondcomputer; receiving, by the second computer, the summarized contentshared by the one or more applications; and displaying, by the secondcomputer, the summarized content.
 16. The computer system of claim 15,further comprising: providing a user of the first computer an option toselect a context menu to expand the summarized content to full content,or to contract the full content back to the summarized content.
 17. Thecomputer system of claim 15, further comprising: receiving, by the firstcomputer, a first computer user input to display the content in place ofthe summarized content; and displaying, by the second computer, thecontent.